[ASA-201710-24] linux-zen: privilege escalation

Published: 2017-10-16 00:00:00
Source: security.archlinux.org

CVSS3: 8.8 High (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

EPSS: 0.001 Low (Percentile: 27.0%)
Arch Linux Security Advisory ASA-201710-24

Severity: High
Date : 2017-10-16
CVE-ID : CVE-2017-5123
Package : linux-zen
Type : privilege escalation
Remote : No
Link : https://security.archlinux.org/AVG-445

Summary

The package linux-zen before version 4.13.7-1 is vulnerable to
privilege escalation.

Resolution

Upgrade to 4.13.7-1.

pacman -Syu "linux-zen>=4.13.7-1"

The problem has been fixed upstream in version 4.13.7.

Workaround

None.

Description

It was discovered that when the waitid() syscall in Linux kernel v4.13
was refactored, it accidentally stopped checking that the incoming
argument was pointing to userspace. This allowed local attackers to
write directly to kernel memory, which could lead to privilege
escalation.
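
As an added example (not part of the Arch advisory), the following shell check classifies a kernel release string against the range the advisory gives: the waitid() refactor in v4.13 and the upstream fix in 4.13.7. It then applies the check to the running kernel, which stays on the old version after the package upgrade until the host is rebooted. The function names are hypothetical, and it assumes `sort -V` is available and that comparing the upstream version number is sufficient.

```shell
#!/bin/sh
# Added example: classify kernel versions against the range in ASA-201710-24.
# Range used (from the advisory text): introduced by the v4.13 waitid()
# refactor, fixed upstream in 4.13.7. Function names are hypothetical.

# Reduce a release string to its upstream part: "4.13.6-1-zen" -> "4.13.6".
# Pre-release strings such as "4.13-rc1" collapse to "4.13" (assumption:
# treat them conservatively as part of the 4.13 series).
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){1,2}).*$/\1/'
}

# version_lt A B: succeeds when A sorts strictly before B (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Prints one of: not-affected (predates the 4.13 refactor), vulnerable, fixed.
classify_kernel() {
    _v=$(upstream_version "$1")
    if version_lt "$_v" "4.13"; then
        echo "not-affected"
    elif version_lt "$_v" "4.13.7"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

# The running kernel is what matters for exposure; upgrading the package
# does not replace it until the next boot.
running=$(uname -r)
echo "running kernel $running: $(classify_kernel "$running")"

# Installed package version, only where pacman exists (Arch hosts).
if command -v pacman >/dev/null 2>&1; then
    pkg=$(pacman -Q linux-zen 2>/dev/null | awk '{print $2}')
    if [ -n "$pkg" ]; then
        echo "installed linux-zen $pkg: $(classify_kernel "$pkg")"
    fi
fi
```

If the installed package reports "fixed" while the running kernel reports "vulnerable", the host has been upgraded but not yet rebooted.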

Impact

A local attacker is able to escalate privileges on the affected host.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96ca579a1ecc943b75beba58bebb0356f6cc4b51
https://security.archlinux.org/CVE-2017-5123

OS         Version  Architecture  Package    Version     Filename
ArchLinux  any      any           linux-zen  < 4.13.7-1  UNKNOWN
